Silverlight Security

Web applications are hot. Microsoft has the Silverlight framework to help developers create web apps. It is important for such developers to know how to lock down these web apps. Here is some high-level guidance.

First you need to make sure users are who they say they are. Next you need to check whether the authenticated users are allowed to do the operations they are requesting. Finally you should audit what actually gets done. That is security in a nutshell.

Silverlight runs in the web browser. That provides some security. You need to ensure that the web app's access to your services is locked down. Encrypt any comms between client and server. Use HTTPS and SSL for that.

Beware cross-domain HTTP requests. This is a security vuln. Don't put sensitive info in such requests. Obfuscate your proprietary code. And even if somebody is authenticated, don't trust them with your source code. Use IIS Directory Security to lock down specific files on your server.